Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-29400

Опубликовано: 11 мая 2023
Источник: debian
EPSS Низкий

Описание

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.20fixed1.20.4-1package
golang-1.19fixed1.19.9-1experimentalpackage
golang-1.19fixed1.19.10-2package
golang-1.19no-dsabookwormpackage
golang-1.19no-dsabullseyepackage
golang-1.15removedpackage
golang-1.15no-dsabullseyepackage
golang-1.11removedpackage
golang-1.11postponedbusterpackage

Примечания

  • https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU

  • https://github.com/golang/go/issues/59722

  • https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)

  • https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)

EPSS

Процентиль: 15%
0.00048
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-29400

CVSS3: 7.3
ubuntu
около 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

redhat логотип

CVE-2023-29400

CVSS3: 7.3
redhat
около 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

nvd логотип

CVE-2023-29400

CVSS3: 7.3
nvd
около 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

github логотип

GHSA-c9hr-fvm9-7c49

CVSS3: 7.3
github
около 2 лет назад

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

fstec логотип

BDU:2023-03472

CVSS3: 7.3
fstec
около 2 лет назад

Уязвимость языка программирования Go, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю внедрить произвольные атрибуты в теги HTML

EPSS

Процентиль: 15%
0.00048
Низкий